REMARKS/ARGUMENTS

This Amendment is in response to the Office Action mailed July 17, 2008. 
Claims 1, 3-9, 11-13, 17, 18, and 20-25 were pending in the present application. This 
Amendment amends claim 23, leaving pending the application claims 1, 3-9, 11-13, 17, 18, and 
20-25. Applicants submit that no new matter has been introduced by virtue of these 
amendments. Reconsideration of the rejected claims is respectfully requested. 

Objection to Claim 23 

Claim 23 is objected to because of an informality resulting from a typographical 
error. The claim has been amended to correct the typographical error.

35 U.S.C. § 103(a) Rejection of Claims 1, 4-9, 11-13, 17-18, and 20-25

Claims 1, 4-9, 11-13, 17-18, and 20-25 are rejected under 35 U.S.C. § 103(a) as
being unpatentable over Doyle (U.S. Patent No. 7,134,012, hereinafter "Doyle") in view of 
Woundy (U.S. Patent No. 6,009,103, hereinafter "Woundy"). Applicants respectfully traverse 
the rejection. 

Applicant's independent claim 24 relates to a novel method for providing port 
security in a network device. In one embodiment, a data packet comprising a source IP address 
and a MAC address is received on a port of the network device. The MAC address in the data 
packet is then checked against a source IP address/MAC address pair table maintained by the 
network device. If the MAC address is found in the table, the source IP address in the data 
packet is learned. Significantly, the process of learning the source IP address is not initiated 
immediately; rather, this learning process is delayed from the time of receipt of the data packet 
until a predetermined amount of traffic has passed through the port. Once the source IP address
is learned, the source IP address and MAC address in the data packet are stored in the source IP
address/MAC address pair table. This table is used to control the transmission of data packets 
through the port. 

In accordance with the above, Applicants' independent claim 24 recites: 
A method for providing port security in a network device, the method comprising:

receiving a first data packet on a port of the network device, the first data packet 
including a first MAC address and a first source IP address; 

determining if the first MAC address is a new MAC address that is not included 
in a table of the network device, the table configured to store a plurality of source IP address and 
MAC address pairs; 

if the first MAC address is a new MAC address, learning the first source IP
address, wherein the first MAC address and the first source IP address form a first source IP
address and MAC address pair, and wherein said learning is delayed from a time of receipt of the
first data packet until a predetermined amount of traffic has passed through the port;

upon learning, storing the first source IP address and MAC address pair in the table; and

using the table to control transmission of data packets through the port. 
(Applicants' independent claim 24). 
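
The following sketch is an added example, not part of the filing or of Applicants' implementation: it models the method recited in claim 24 in Python. It assumes the predetermined amount of traffic is a packet count and that a learned MAC address sending a different source IP address is dropped; the class name, verdict strings and sample packets are hypothetical.

```python
from dataclasses import dataclass, field

@dataclass
class PortSecurity:
    learn_after: int                             # predetermined traffic, counted in packets (assumption)
    table: dict = field(default_factory=dict)    # MAC -> learned source IP (the pair table)
    pending: dict = field(default_factory=dict)  # MAC -> (first source IP, port count at receipt)
    passed: int = 0                              # packets that have passed through this port

    def receive(self, mac: str, src_ip: str) -> str:
        self.passed += 1
        # Learning is delayed: a pair is stored only once the predetermined
        # amount of traffic has passed through the port since first receipt.
        for m, (ip, seen_at) in list(self.pending.items()):
            if self.passed - seen_at >= self.learn_after:
                self.table[m] = ip
                del self.pending[m]
        # Use the table to control transmission (drop-on-mismatch is an assumption).
        if mac in self.table:
            return "forward" if self.table[mac] == src_ip else "drop"
        # New MAC address: remember its first source IP and the time of receipt.
        if mac not in self.pending:
            self.pending[mac] = (src_ip, self.passed)
        # The page does not say how packets are handled before learning completes,
        # so the verdict only reports the state.
        return "pending"

def run_demo():
    port = PortSecurity(learn_after=3)
    packets = [  # constructed sample traffic, not taken from the filing
        ("00:11:22:33:44:01", "10.0.0.5"),   # new MAC, first packet
        ("00:11:22:33:44:02", "10.0.0.6"),   # second new MAC
        ("00:11:22:33:44:01", "10.0.0.5"),
        ("00:11:22:33:44:02", "10.0.0.6"),   # threshold reached for the first MAC
        ("00:11:22:33:44:01", "10.0.0.5"),   # matches the learned pair
        ("00:11:22:33:44:01", "10.0.0.99"),  # learned MAC, different source IP
    ]
    return [port.receive(m, ip) for m, ip in packets], dict(port.table)

if __name__ == "__main__":
    verdicts, table = run_demo()
    print(verdicts)
    print(table)
```
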
Applicants respectfully submit that the features of claim 24 are not taught or 
suggested by Doyle or Woundy, considered individually or in combination. 

I. There is no rationale for combining Doyle and Woundy to teach or suggest the features of 
Applicants' claim 24 

As an initial matter, Applicants submit that there is no rationale for combining the 
Doyle and Woundy references to teach or suggest the features of Applicants' claim 24. As best 
understood, the Office Action relies on Doyle to teach the majority of the features of claim 24, 
and relies on Woundy to teach the singular feature of "wherein said learning is delayed from a 
time of receipt of the first data packet until a predetermined amount of traffic has passed through 
the port." The Office Action rationalizes this combination by asserting "Doyle discloses the use
of a single DHCP server, thus the use of only a single table of the network device. . . Woundy
discloses a plurality of DHCP . . . It would have been obvious to one of ordinary skill in the art at
the time of applicants' invention to include a plurality of DHCP servers . . . given the benefit of
eliminate [sic] a single point of failure." (Office Action: pgs. 4-5; emphasis added). Thus, the
Office Action apparently construes both Doyle and Woundy as being directed to DHCP servers,
with Doyle describing a single DHCP server and Woundy describing multiple DHCP servers. 

However, contrary to the Office Action, the invention of Doyle does not relate to
DHCP servers at all. Rather, the invention of Doyle relates to techniques performed by a router
(such as router RY (120) illustrated in FIG. 1 of Doyle). For example, Doyle describes
techniques for filtering packets received at a port of a router. Applicants note that Doyle does
make reference to a "DHCP request," but merely as an example of a type of data packet that may
be received or forwarded by a router. (See e.g., Doyle: col. 2, lines 44-51). This reference to
"DHCP request" does not indicate that the techniques described in Doyle apply to a DHCP
server.

In contrast, the invention of Woundy relates to techniques performed by DHCP
servers. For example, Woundy describes techniques performed by one or more DHCP servers
for allocating IP addresses to network devices.

Since Doyle relates to techniques performed by a router, whereas Woundy relates
to techniques performed by DHCP servers, the Office Action's assertion that the combination of
Doyle and Woundy gives "the benefit of eliminating a single point of failure" because Doyle 
discloses a "single DHCP server" and Woundy discloses "a plurality of DHCP servers" is 
erroneous - Doyle does not disclose a "single DHCP server" at all and thus there is no "single 
point of failure" to eliminate. Accordingly, Applicants submit that there is no rationale for 
combining these two references to teach or suggest the features of claim 24. 

II. Doyle and Woundy fail to teach or suggest "wherein said learning is delayed from a time of 
receipt of the first data packet until a predetermined amount of traffic has passed through the 
port" as recited in Applicants' claim 24 

Applicants submit that Doyle and Woundy fail to teach or suggest learning a 
source IP address of a data packet if the MAC address of the data packet is not found in a source 
IP address/MAC address pair table, "wherein said learning is delayed from a time of receipt of 
the first data packet until a predetermined amount of traffic has passed through the port" as 
recited in claim 24. The Office Action concedes that this feature of delayed learning is not 
taught by Doyle. However, the Office Action goes on to assert that this feature is taught by
Woundy because: 

Woundy discloses a plurality of DHCP, which inherently comprise a plurality of 
IP/MAC address pairs tables (Woundy, col. 1 lines 58-61). . . An ordinary artisan would readily 
recognize, as also indicated by Woundy, a plurality of devices, such as DHCP servers, must be 
synchronized for all the devices to have current table entries, consistent with all other devices and 
that the process of synchronization inherently causes a delay. During the delay, depending on the 
LAN's type and bandwidth from the type of a time of receipt of the first packet until device's 
learning of the first source IP address, a predetermined amount of traffic inherently passes through 
the port. 

(Office Action: pg. 5). 
Applicants respectfully disagree for at least the following reasons. 

A. The length of the synchronization delay allegedly taught by Woundy is not
based on the amount of traffic passed through a port

Claim 24 specifically recites that the learning of a source IP address in a data 
packet by a network device is delayed from a time of receipt of the data packet until a 
predetermined amount of traffic has passed through a port of the network device. In other words, 
the length of the learning delay is based on the amount of traffic passed through a port, because 
the learning process cannot proceed until that amount of traffic has passed through. 

In contrast, the Office Action merely asserts that Woundy teaches (1) 
synchronizing table entries between a plurality of DHCP servers, thereby causing a 
synchronization delay, and (2) passing traffic through the ports of the DHCP servers during the 
synchronization delay. Thus, (1) and (2) merely indicate that two independent processes may 
occur simultaneously - i.e., the synchronization delay and the receipt of network traffic on a 
port. This does not teach or suggest that the length of the synchronization delay is necessarily 
based on an amount of traffic passed through a port. For example, nowhere does Woundy teach 
or suggest that the synchronization process is delayed until a certain number of data packets have 
been passed through a port. Accordingly, Woundy fails to teach or suggest "wherein said 
learning is delayed from a time of receipt of the first data packet until a predetermined amount of
traffic has passed through the port" as recited in claim 24. (Emphasis added). 

B. The synchronization delay allegedly taught by Woundy does not begin "from 
a time of receipt of a first data packet" 

Claim 24 specifically recites that the learning of a source IP address in a data 
packet by a network device is delayed from a time of receipt of the data packet until a 
predetermined amount of traffic has passed through a port of the network device. In other words, 
the delay only begins once the data packet has been received at the network device. 

In contrast, the synchronization delay of Woundy (as explained in the Office 
Action) apparently refers to the total delay resulting from synchronizing IP information among a 
plurality of different DHCP servers. Thus, this synchronization delay does not begin when IP 
information is received at a particular DHCP server; rather, this synchronization delay apparently 
begins when the IP information is first sent out from an initial DHCP server to other DHCP 
servers. Accordingly, Woundy fails to teach or suggest "wherein said learning is delayed from a 
time of receipt of the first data packet until a predetermined amount of traffic has passed through 
the port" as recited in claim 24. (Emphasis added). 

C. Woundy makes no reference to a "predetermined" amount of traffic

Claim 24 specifically recites that the learning of a source IP address in a data
packet by a network device is delayed from a time of receipt of the data packet until a
predetermined amount of traffic has passed through a port of the network device. In other words,
the amount of traffic that is necessary to end the learning delay is determined beforehand.

The Office Action asserts that Woundy teaches this concept because the amount 
of traffic received at a port of a DHCP server will depend on "the LAN's type and bandwidth." 
(Office Action: pg. 5). Applicants respectfully disagree. As is well known in the art, the 
characteristics of a network, such as type or bandwidth, merely determine the maximum 
theoretical amount of traffic that can be supported. The actual amount of traffic that is passed 
among the various devices on the network will vary considerably based on conditions at the time 
of operation, such as network load. Accordingly, the amount of traffic passed through a port of
a DHCP server cannot be considered predetermined merely based on LAN type or bandwidth,
since the actual amount of traffic passed will vary in an unpredictable manner. Accordingly, 
Woundy fails to teach or suggest "wherein said learning is delayed from a time of receipt of the 
first data packet until a predetermined amount of traffic has passed through the port" as recited in 
claim 24. (Emphasis added). 

For at least the foregoing reasons, Applicants submit that independent claim 24 is 
not rendered obvious by Doyle and/or Woundy, and respectfully request that the rejection of 
claim 24 be withdrawn. 

Independent claims 17 and 25 recite features that are substantially similar to 
independent claim 24, and are thus believed to be allowable for at least a similar rationale as 
discussed for claim 24, and others. 

Dependent claims 1, 4-9, 11-13, 18, and 20-23 depend (either directly or
indirectly) from independent claims 24 and 17 respectively, and are thus believed to be allowable 
for at least a similar rationale as discussed for claims 24 and 17, and others. 

35 U.S.C. § 103(a) Rejection of Claim 3

Claim 3 is rejected under 35 U.S.C. § 103(a) as being unpatentable over Doyle in 
view of Woundy and further in view of Whelan (U.S. Publication No. 2004/0003285, hereinafter 
"Whelan"). Applicants respectfully traverse the rejection. 

Claim 3 depends indirectly from independent claim 24, which is not anticipated or 
rendered obvious by Doyle and/or Woundy as discussed above. As best understood, Whelan 
does not provide any teaching that would remedy the deficiencies of Doyle and Woundy in this 
regard. Thus, even if Doyle, Woundy, and Whelan were combined (although there appears to be 
no rationale for combining), the resultant combination would not teach or suggest all of the 
features of claim 3. Accordingly, Applicants submit that claim 3 is allowable over the cited art, 
and respectfully request that the rejection of this claim be withdrawn. 

Amendments to the Claims

Unless otherwise specified, amendments to the claims are made for purposes of 
clarity, and are not intended to alter the scope of the claims or limit any equivalents thereof. The 
amendments are supported by the Specification as filed and do not add new matter. 



CONCLUSION 

In view of the foregoing, Applicants believe all claims now pending in this 
Application are in condition for allowance. The issuance of a formal Notice of Allowance at an 
early date is respectfully requested. 

If the Examiner believes a telephone conference would expedite prosecution of 
this application, please telephone the undersigned at 650-326-2400. 



Respectfully submitted, 
/Andrew J. Lee/ 



Andrew J. Lee 
Reg. No. 60,371 